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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 1 1 May 2006 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 03 Claim(s) See Continuation Sheet is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim (s) See Continuation Sheet is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Application No. 09/894,918 



Continuation of Disposition of Claims: Claims pending in the application are 1,3-7,11,12,16,17,19,20,22- 
26,28,30,31,35,36,38,39,41-45,47,49,50,54,55,57-62,64 and 67-73. 



Continuation of Disposition of Claims: Claims rejected are 1,3-7,11,12,16,17,19,20,22-26,28,30,31,35,36,38,39,41- 
45,47,49,50,54,55,57-62,64 and 67-73. 
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DETAILED ACTION 

Response to Amendment 

This action is in response to Applicant's amendment filed May 11, 2006. Claims 70-73 
are newly added. Claims 1, 3-7, 11-12, 16-17, 19-20, 22-26, 28, 30-31, 35-36, 38-39, 41-45, 47, 
49-50, 54-55, 57-62, 64 and 67-73 are pending in the present application. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 3-7, 11-12, 16-17, 19-20, 22-26, 28, 30-31, 35-36, 38-39, 41-45, 47, 49-50, 54- 
55, 57-62, 64 and 68-70 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cox 
(U.S. Patent No. 6,738,814; hereinafter Cox) in view of Eichstaedt et al. (U.S. Patent No. 
8,62,230; hereinafter Eichstaedt) in further view of Maher, III et al. (U.S. Patent No. 6,654,373; 
hereinafter Maher), in further view of Alcendor et al. (U.S. Patent No. 6,337,899; hereinafter 
Alcendor). 

In considering claims 1, 4-5, 19-20, 22-23, 38-39 and 41-42, the combined system of 
Cox, Eichstaedt, Maher and Alcendor discloses a method for securing an accessible computer 
system, the method comprising: 
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receiving more than one data packet at a network device (col. 3, lines 26-29) each 
includes a payload portion and an attribute portion (fig, 2 step 20 and col. 3, lines 30-33), 
received packets are analyzed; packets include a payload portion and an attribute portion and are 
communicated between at least one access requestor (fig. 1, means 16, access requestor or 
attacker) and at least one access provider through the network device (fig. 1 means 12, access 
provider); monitoring at the network device at least the payload portion of the data packet 
received by scanning the payload portion for at least one predetermined pattern (col. 3, lines 41- 
45); While Cox discloses analyzing incoming packets against known patterns and denying access 
to the access provider by the access requestor when there is a match of the known pattern, Cox 
does not disclose the step of counting the number of data packets that include the predetermined 
pattern and denying access when that number exceeds a configurable threshold. 

Nonetheless, denying access to client computers of data object access through a server 
computer when a predefined minimum value is exceeded is well known as evidenced by 
Eichstaedt. In similar art Eichstaedt discloses a method for automatically limiting access of a 
client computer to data objects accessed through a server computer wherein when a server 
receives a data request (packet) from a client machine over the network, the request values of the 
received request having a client identifier (pattern) matching a logged entry are calculated and 
compared to a predefined maximum request values. If the request values exceed a corresponding 
predefined maximum request value, the request is refused or denied (see Eichstaedt col. 6, lines 
46-61). 

It would have been obvious to a person having ordinary skill in the art to modify the 
system for blocking denial of service attacks to include the step of counting a number of data 
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packets including a predetermined pattern in addition to matching the predetermined pattern and 
denying access when that number exceeds a configurable threshold in order to decrease or deny 
abusive traffic (i.e. denial of service attacks) thereby preventing server or website shut downs, 
flooding, and overloading. Attacks can cause websites to temporarily cease operation and 
interrupt access by legitimate consumers, it would thus be advantageous to incorporate such a 
system to avoid such a costly, in both time and money; non-operation period. Therefore the 
claimed limitations would have been obvious modifications. 

Cox further discloses denying access by the access requestor to the access provider when 
a number of payload portions that include the predetermined pattern exceed the threshold 
number (see Cox col. 3, lines 41-54). While Cox discloses analyzing the incoming packet against 
known patterns, Cox does not explicitly disclose that the monitoring includes scanning at least 
the payload portion of the data packet for at least one predetermined pattern. Nonetheless, 
scanning the packet's payload and matching it against known patterns or strings is well known as 
evidenced by Maher. In similar art, Maher discloses a payload analyzer that scans the contents of 
data packet's payload and attempts to match the payload contents against a database of known 
strings (col. 2, lines 64-66). 

According to Maher, the ability to look beyond the header information, while still in the 
fast-path and into the packet contents; would allow a network device to identify the nature of the 
information carried in the packet, thereby allowing much more detailed packet classification. The 
knowledge of the content would also allow specific contents to be identified and scanned to 
provide security such as virus detection, denial of service prevention, etc. It would have been 
obvious for a person having ordinary skill in the art, to modify the system as taught by Cox to 
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include the step of scanning the entire packet including the payload in order to maintain an 
awareness of content over an entire traffic flow, and identify and filter out security problems 
such as email worms, viruses, denial of service attacks, and illegal hacking. 

Cox also fails to explicitly teach monitoring the payload portion of the data packets 
directed from at least one of the access providers to at least one of the access requestors, and 
denying subsequent when the number of the data packets received from the access provider to 
the access requestor exceeds a configurable threshold number. Nonetheless, this feature is being 
taught by Alcendor, which discloses limiting a number of login retries in a server, and rejecting 
the login attempt based on the number of login retries from the server to the client (see col. 7, 
lines 27-33). 

At the time the invention was made, one of ordinary skill in the art would have been 
motivated to monitor and limit data packets directed from the access provider to the access t 
requestor in order to limit the amount of access in the system, therefore enhancing its security. 

In considering claims 3, 22, and 41, the combined system of Cox, Eichstaedt, Maher and 
Alcendor that: monitoring the data packets includes scanning the payload portion while handling 
the data packets with a switch (See Maher, col. 11, lines 3-17). 

In considering claims 6, 25, and 44, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that at least one data packet is distinguished based on an Internet address 
associated with the packet (See Eichstaedt col. 6, lines 46-48). 



Application/Control Number: 09/894,91 8 Page 6 

Art Unit: 2143 

In considering claims 7, 26, and 45, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that receiving the data packet includes receiving more than one data packet; 
and monitoring the data packet includes monitoring all of the data packets received (See Maher 
col. 7, lines 10-19). 

In considering claims 28, and 47, the combined system of Cox, Eichstaedt, and Maher 
and Alcendor discloses that the data packets are monitored when communicated from the client 
to the host or from host to the client (See Maher col. 3, lines 39-45). 

In considering claims 11, 30, and 49, the combined system of Cox, Eichstaedt, and Maher 
and Alcendor discloses that the predetermined pattern includes a login failure message 
communicated from the access requestor to the access provider (See Maher col 7, lines 15-17). 

In considering claims 12, 31, and 50, although the combined system of Cox, 
Eichstaedt, Maher and Alcendor discloses the system substantially as claimed, it does not 
specifically disclose that the data packets include a token-based protocol packet, a TCP packet or 
a PPP packet. Examiner takes official notice that the aforementioned packets are well known 
packets of well-known Internet protocols such as TCP and PPP. A person having ordinary skill 
in the art would have readily recognized the uses and advantages of including different types of 
protocols and their respective packets in order to comply with multiple standards thus making the 
system more extensible. Therefore the claimed limitation would have been an obvious 
modification. 
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In considering claims 16, 35, and 54, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that denying communication of subsequent data packets includes affecting 
bandwidth for communications between the access requestor and the access provider (See Maher 
col. 7, lines 56-67 through col. 8, lines 1-6). 

In considering claims 17, 36, and 55, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that denying access includes rerouting the access requestor (See Maher col. 3, 
lines 25- 38). 

In considering claims 19, 38, 57, the combined system of Cox, Eichstaedt, Maher and 
Alcendor discloses that receiving the data packet includes receiving more than one data packet; 
and denying subsequent data packets from the requestor to the access provider when a number of 
payload portions that include the predetermined pattern exceed a configurable threshold number 
during a configurable period of time (See Cox. col. 3, lines 11-29 and col. 4, lines 16-40). 

In considering claim 58, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method as in claim 1 wherein denying subsequent access by the access requestor to 
the access provider further comprises denying subsequent access from a group of access 
requestors to the access provider when a number of payload portions within the data packets that 
are received from the access provider by at least one access requestor which is a group member, 
include the predetermined pattern exceed a configurable threshold number (See Cox, col. 3, lines 
1 1-29 and col. 4, lines 16-40). 
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In considering claim 59, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 further comprises determining whether the access requestor is on 
a permitted access list that is associated with the access requestors, allowing subsequent access 
from the access requestor to the access provider conditioned on whether or not the access 
requestor is determined to be included in the permitted access list (See Cox. col. 3, lines 1 1-29 
and col. 4, lines 16-40). 

In considering claim 60, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 59 wherein determining whether the access requestor is included 
in the permitted access list further comprises determining whether the IP address of the access 
requestor is included in the permitted access list (see Eichstaedt col. 6, lines 46-61). 

In considering claim 61, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 wherein subsequent access by the access requestor to the access 
provider is denied for a pre-determined and limited period of time (see Alcendor, col. 7, lines 27- 
33). 

In considering claim 62, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 61 wherein denial of subsequent access by the access provider 
starts a new pre-determined and limited time period upon detecting an access request from the 
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access requestor during the elapsing of the predetermined and limited period of time (see 
Alcendor, col. 7, lines 27-33). 

In considering claim 64, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1, wherein denying subsequent access by the access requestor is 
performed in response to a command received from the access provider, irrespective of the 
inspection of data packets received from the access provider (see Alcendor, col. 7, lines 27-33). 

In considering claim 67, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 1 wherein the predetermined pattern further includes a login 
request message (see Alcendor, col. 7, lines 27-33). 

In considering claim 68, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 1 wherein the login failure message includes a signature located 
at a specific offset from an end of the data packet communicated from the access provider of the 
access requestor (see Alcendor, col. 7, lines 27-33). 

In considering claim 69, the combined system of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 1 wherein login failure message includes login failure reasons 
(see Alcendor, col. 7, lines 27-33). 
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In considering claim 70, the combined method of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 wherein the network device is physically independent process 
from the access providers (See Cox: figure 1). 

In considering claim 71, the combined method of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 wherein the network device is a switch (see Cox, figure 1). 

In considering claim 72, the combined method of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 1 wherein the access provider is a device configurable to make a 
determination of whether access is permitted (see Eichstaedt col. 6, lines 46-61). 

In considering claim 73, the combined method of Cox, Eichstaedt, Maher and Alcendor 
discloses the method of claim 72 wherein the access provider is the field arbitrator of whether 
access is provided (see Eichstaedt col. 6, lines 46-61). 



Response to Arguments 
Applicant's arguments have been considered but are not found persuasive. In response to 
Applicant's argument that the combination of Cox, Eichstaedt, Maher and Alcendor fail to 
disclose or suggest: monitoring at the network device. . . and using the network device to deny 
subsequent data packets as amended, the PTO respectfully submits that this is being taught by 
Cox. As cited above, the abstract as well as figure 1 of Cox disclose the method of blocking 
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denial of service being done by a routing device (herein interpreted as a network device as 
claimed). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Alina N. Boutah whose telephone number is 571-272-3908. The 
examiner can normally be reached on Monday-Friday (9:00 am - 5:00 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on 571-272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-2 1 7-9 1 97 (toll-free). 
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